Warning over massive email hack

Warning to Australian businesses

The Australian Cyber Security Centre (ACSC) has issued a warning to Australian businesses and individuals about a hack which compromised 773 million unique email addresses and more than 21 million unique passwords last week and posted them to a hacking forum.

The breach, known as Collection #1, appears to be something of a breach of old breaches; It claims to aggregate over 2,000 leaded databases that contain passwords whose protective hashing (converting of passwords into unreadable strings of characters) has been cracked. The lists appear to be designed for use in credential-stuffing attacks, in which hackers throw email and password combinations at a given site or service. These are typically automated processes that prey especially on people who reuse passwords across the internet.

Tony Hunt, the security researcher who first reported and analysed Collection #1, has loaded the impacted accounts into the breach notification site “Have I Been Pwned”.

This site allows you to determine definitively if your account has been hacked simply by entering in your email address. The site will also show you how many previous breaches in which you might have been a victim.

Businesses have been instructed to ensure customer’ information is protected and report any serious breaches as soon as possible.